ISO/IEC 40180:2017 Information technology, Uncategorized

ISO/IEC 40180:2017 Information technology

Posted on by owner

Courtesy: ISO/IEC 40180:2017 Information technology

ISO 19770-1 Edition 3 (current version)

The most recent version, known as ISO 19770-1:2017 and published in December 2017, specifies the requirements for the establishment, implementation, maintenance, and improvement of a management system for IT asset management (ITAM), referred to as an IT asset management system. ISO 19770-1:2017 was a major update and was rewrote the standard to conform to the ISO Management System Standards (MSS) format. The tiered structure from 197701:2012 was moved to an appendix within the updated standard.

Intended Users

This document can be used by any organization and can be applied to all types of IT assets. The organization determines to which of its IT assets this document applies. This document is primarily intended for use by:

  • those involved in the establishment, implementation, maintenance, and improvement of an IT asset management system;
  • those involved in delivering IT asset management activities, including service providers;
  • internal and external parties to assess the organization’s ability to meet legal, regulatory and contractual requirements and the organization’s own requirements.
  • ISO/IEC 19770-2 provides an ITAM data standard for software identification (SWID) tags. Software ID tags provide authoritative identifying information for installed software or other licensable item (such as fonts or copyrighted papers).
  • Overview of SWID tags in use
  • There are three primary methods that may be used to ensure SWID tags are available on devices with installed software:
  • SWID tags created by a software creator or publisher which are installed with the software are the most authoritative for identification purposes.
  • Organizations can create their own SWID tags for any software title that does not include a tag, allowing the organization to more accurately track software installations in their network environment
  • Third party discovery tools may optionally add tags to a device as software titles are discovered
  • Providing accurate software identification data improves organizational security, and lowers the cost and increases the capability of many IT processes such as patch management, desktop management, help desk management, software policy compliance, etc.
  • Discovery tools, or processes that utilize SWID tag data to determine the normalized names and values that are associated with a software application and ensure that all tools and processes used by an organization refer to software products with the same exact names and values.
owner